CN113688401B - Vulnerability repairing method based on big data vulnerability mining and artificial intelligence mining system - Google Patents


Info

Publication number
CN113688401B
Authority
CN
China
Prior art keywords
vulnerability
repair
mining
bug
vulnerability repair
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111015428.XA
Other languages
Chinese (zh)
Other versions
CN113688401A (en
Inventor
杨馨
姜虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Heren Technology Co ltd
Original Assignee
Zhejiang Heren Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Heren Technology Co ltd
Priority to CN202111015428.XA
Publication of CN113688401A
Application granted
Publication of CN113688401B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the application provide a vulnerability repair method based on big data vulnerability mining, and an artificial intelligence mining system. A vulnerability repair reference vector set of vulnerability repair activities that correspond to a specified mining path and do not carry a target repair category attribute is obtained, together with the target output vulnerability mining distribution corresponding to the specified mining path. Based on a vulnerability repair component update model, vulnerability repair component update information for the target application software service is obtained, and the updated vulnerability repair component then performs vulnerability repair on the target application software service based on the target output vulnerability mining distribution. In this way, vulnerability repair can be performed by a vulnerability repair component that is adapted to past vulnerability repair activities. In addition, because the repair also refers to the target output vulnerability mining distribution for the specified mining path, the completeness of vulnerability repair is improved, which in turn improves the stability of service operation.

Description

Vulnerability repairing method based on big data vulnerability mining and artificial intelligence mining system
Technical Field
The application relates to the technical field of internet service optimization, in particular to a vulnerability repairing method and an artificial intelligence mining system based on big data vulnerability mining.
Background
System vulnerabilities are defects or errors in the logic design of application software or operating system software. Attackers exploit them by implanting trojans, viruses and the like over a network in order to attack or take control of the whole computer, steal important data and information from it, and even damage the system. Different security vulnerabilities exist across different types of software and hardware devices, different versions of the same device, different systems composed of different devices, and the same system under different configurations. In the related art, analyzing software service vulnerability information yields a target output vulnerability mining distribution that supports subsequent vulnerability repair. However, vulnerability repair schemes in the related art cannot effectively refer to past vulnerability repair activities, and the completeness of the repair is somewhat insufficient, which can affect the stability of the running service.
Disclosure of Invention
In order to overcome at least the above defects in the prior art, the present application aims to provide a vulnerability repairing method and an artificial intelligence mining system based on big data vulnerability mining.
In a first aspect, the application provides a vulnerability repairing method based on big data vulnerability mining, which is applied to an artificial intelligence mining system, wherein the artificial intelligence mining system is in communication connection with a plurality of cloud service systems, and the method comprises the following steps:
based on change indication information of a vulnerability repair component for a target application software service, acquiring a vulnerability repair reference vector set of vulnerability repair activities that are associated with a specified mining path, correspond to the target application software service and do not carry a target repair category attribute, and a target output vulnerability mining distribution corresponding to the specified mining path;
based on the vulnerability repair reference vector set of the vulnerability repair activities that do not carry the target repair category attribute, obtaining vulnerability repair component update information for the target application software service through a vulnerability repair component update model that has been AI-trained in advance, and updating the vulnerability repair component of the target application software service;
and performing vulnerability repair on the target application software service through the updated vulnerability repair component, based on the target output vulnerability mining distribution.
In a second aspect, an embodiment of the present application further provides a vulnerability repair system based on big data vulnerability mining, which includes an artificial intelligence mining system and a plurality of cloud service systems in communication connection with the artificial intelligence mining system;
the artificial intelligence mining system is used for:
based on change indication information of a vulnerability repair component for a target application software service, acquiring a vulnerability repair reference vector set of vulnerability repair activities that are associated with a specified mining path, correspond to the target application software service and do not carry a target repair category attribute, and a target output vulnerability mining distribution corresponding to the specified mining path;
based on the vulnerability repair reference vector set of the vulnerability repair activities that do not carry the target repair category attribute, obtaining vulnerability repair component update information for the target application software service through a vulnerability repair component update model that has been AI-trained in advance, and updating the vulnerability repair component of the target application software service;
and performing vulnerability repair on the target application software service through the updated vulnerability repair component, based on the target output vulnerability mining distribution.
Based on any of the above aspects, a vulnerability repair reference vector set of vulnerability repair activities that are associated with a specified mining path, correspond to the target application software service and do not carry the target repair category attribute, and the target output vulnerability mining distribution corresponding to the specified mining path, are acquired based on change indication information of the vulnerability repair component for the target application software service. Then, based on that vulnerability repair reference vector set, vulnerability repair component update information for the target application software service is obtained through a vulnerability repair component update model, which is itself obtained by performing model convergence configuration on reference vulnerability repair reference vector sets that carry vulnerability repair strength, and the vulnerability repair component of the target application software service is updated. Finally, vulnerability repair is performed on the target application software service through the updated vulnerability repair component, based on the target output vulnerability mining distribution. In this way, the vulnerability repair component that the target application software service uses for a repair node can be updated according to the vulnerability repair strength of that repair node, so that vulnerability repair is performed by a vulnerability repair component adapted to past vulnerability repair activities. In addition, because the repair also refers to the target output vulnerability mining distribution for the specified mining path, the completeness of vulnerability repair is improved, which in turn improves the stability of service operation.
Drawings
To explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and therefore should not be considered as limiting its scope; those skilled in the art can obtain other related drawings from them without inventive effort.
Fig. 1 is an application scenario diagram of a vulnerability repair system based on big data vulnerability mining according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a vulnerability repair method based on big data vulnerability mining according to an embodiment of the present application;
Fig. 3 is a block diagram illustrating the structure of an artificial intelligence mining system for implementing the vulnerability repair method based on big data vulnerability mining according to an embodiment of the present application.
Detailed Description
Fig. 1 is a schematic diagram of an application scenario of a vulnerability repair system 10 based on big data vulnerability mining according to an embodiment of the present application. The vulnerability repair system 10 may include an artificial intelligence mining system 100 and a cloud service system 200 communicatively connected to the artificial intelligence mining system 100. The vulnerability repair system 10 shown in Fig. 1 is only one possible example; in other possible embodiments, it may include only some of the components shown in Fig. 1, or may also include other components.
In an embodiment that may be based on an independent concept, the artificial intelligence mining system 100 and the cloud service system 200 in the vulnerability repair system 10 may cooperate to execute the vulnerability repair method based on big data vulnerability mining described in the following method embodiments. For the specific steps executed by the artificial intelligence mining system 100 and the cloud service system 200, refer to the detailed description of those method embodiments.
The vulnerability repair method based on big data vulnerability mining provided by this embodiment may be executed by the artificial intelligence mining system 100 shown in Fig. 1, and is described in detail below.
Step S100: based on change indication information of the vulnerability repair component for the target application software service, acquire a vulnerability repair reference vector set of vulnerability repair activities that are associated with a specified mining path, correspond to the target application software service and do not carry a target repair category attribute, and a target output vulnerability mining distribution corresponding to the specified mining path.
In an embodiment that may be based on an independent concept, the target application software service may be any software service that runs in the cloud, such as an e-commerce software service or an intelligent medical software service. The specified mining path may be a mining path that guided the mining direction of earlier vulnerability mining. In the related art, vulnerability repair activities that do not carry a specific target repair category attribute are generally called new vulnerability repair activities. These are repair activities triggered by newly appearing software service vulnerabilities, and they can be collected from each cloud service so that repair activity data can be shared. For these new vulnerability repair activities, the corresponding feature mining needs to be carried out so that repairs can respond in time when associated new vulnerabilities are triggered later. That is, for the target application software service, a vulnerability repair reference vector set can be obtained for the vulnerability repair activities that are associated with the specified mining path, correspond to the target application software service and do not carry the target repair category attribute; this set represents the reference repair policy feature information from past vulnerability repair processes. The target output vulnerability mining distribution corresponding to the specified mining path may be obtained from prior big data vulnerability mining, which is described in detail later.
Step S200: based on the vulnerability repair reference vector set of the vulnerability repair activities that do not carry the target repair category attribute, obtain vulnerability repair component update information for the target application software service through a vulnerability repair component update model, which is obtained by performing model convergence configuration on reference vulnerability repair reference vector sets that carry vulnerability repair strength, and update the vulnerability repair component of the target application software service.
In an embodiment that may be based on an independent concept, the vulnerability repair component may be the software component that specifically carries out vulnerability repair, and it may be configured with one or more corresponding vulnerability repair policies.
Step S300: perform vulnerability repair on the target application software service through the updated vulnerability repair component, based on the target output vulnerability mining distribution.
In an embodiment that may be based on an independent concept, the vulnerability repair component update information may include the repair nodes corresponding to candidate vulnerability repair activities whose vulnerability repair strength, as obtained from vulnerability repair strength data, lies within a target repair strength range, together with a vulnerability repair update policy for each such repair node. The target application software service then updates the vulnerability repair component of the repair node according to the target repair strength range in which the candidate vulnerability repair activity lies. For example, when the repair node is within a first target repair strength range corresponding to a first repair update behavior, the vulnerability repair update policy for the repair node may include lowering the repair priority of the target application software service for that repair node.
Step S200 above may include steps S2001 to S2005, which are described below by way of example.
Step S2001: determine the different vulnerability repair positions that respectively correspond to the vulnerability repair reference vector sets of the vulnerability repair activities that correspond to the target application software service and do not carry the target repair category attribute.
Step S2002: based on the different vulnerability repair positions, determine the vulnerability repair knowledge graph corresponding to each of them. The vulnerability repair knowledge graph contains the knowledge attributes, such as repair frequency and repair priority, of the vulnerability repair knowledge entities related to the vulnerability repair components that the target application software service currently uses for the repair nodes corresponding to the different vulnerability repair positions.
Step S2003: based on the vulnerability repair knowledge graph, perform knowledge entity configuration on the vulnerability repair reference vector set of the vulnerability repair activities that correspond to the target application software service and do not carry the target repair category attribute, to obtain a knowledge entity configuration vector set that corresponds to the respective vulnerability repair position and does not carry the target repair category attribute.
Step S2004: perform vulnerability repair strength analysis, through the vulnerability repair component update model, on the knowledge entity configuration vector set that does not carry the target repair category attribute, and obtain vulnerability repair component update information of the target application software service based on the vulnerability repair strength data. In an embodiment that may be based on an independent concept, the vulnerability repair component update model includes a vector mining structure, a vulnerability repair strength analysis structure, and an update structure.
Step S2005: send the vulnerability repair component update information of the target application software service to the vulnerability repair process corresponding to the target application software service, so that the application software service updates the vulnerability repair component of the repair node corresponding to the candidate vulnerability repair activity.
In an embodiment that may be based on an independent concept, the vulnerability repair component update information includes the repair nodes corresponding to candidate vulnerability repair activities whose vulnerability repair strength, as obtained from vulnerability repair strength data, lies within a target repair strength range, together with the vulnerability repair update policies for those repair nodes. Sending the update information to the vulnerability repair process in step S2005, so that the application software service updates the vulnerability repair component of the repair node corresponding to the candidate vulnerability repair activity, may be implemented through the following steps.
Firstly, when the vulnerability repair strength of the target application software service for the repair node is within a first target repair strength range corresponding to a first repair update behavior, the vulnerability repair component of the target application software service for the repair node is updated in the artificial intelligence mining system according to the vulnerability repair component update information, and the update content is sent to the vulnerability repair process corresponding to the target application software service. For example, the vulnerability repair update policy for the repair node includes lowering the repair priority of the target application software service for the repair node. The first target strength may be set flexibly according to actual requirements, and the first target repair strength range may be, for example, (a, b). The maximum repair strength of the first target repair strength range is no greater than the first target strength, e.g., b is no greater than the first target strength. For example, the vulnerability repair strength can be configured to range from 0 to 100, with a larger value indicating a higher vulnerability repair strength.
Secondly, when the vulnerability repair strength of the target application software service for the repair node is within a second target repair strength range corresponding to a second repair update behavior, the target application software service can be prompted to update its repair configuration. After the software function items corresponding to the target application software service have been updated and repaired, the vulnerability repair component of the target application software service for the repair node is updated in the artificial intelligence mining system according to the vulnerability repair component update information, where the vulnerability repair update policy for the repair node includes raising the repair priority of the target application software service for the repair node. The second target strength may be set flexibly according to actual requirements, and the second target repair strength range may be, for example, (c, d). In an embodiment that may be based on an independent concept, the second preset strength value is larger than the first preset strength value, and the minimum repair strength of the second target repair strength range is not smaller than the second target strength, e.g., c is not smaller than the second target strength. When the vulnerability repair strength of the target application software service for the repair node is between the first target strength and the second target strength, the vulnerability repair component update information indicates that the vulnerability repair component of the target application software service for the repair node is not updated. Thus, in an embodiment that may be based on an independent concept, the vulnerability repair update is performed dynamically according to the corresponding vulnerability repair strength: when the vulnerability repair strength is high, the repair priority can be raised, which further improves the repair effect, and when the vulnerability repair strength is low, the repair priority can be lowered.
In an embodiment that may be based on an independent concept, after the target application software service updates the vulnerability repair component for the repair node according to the vulnerability repair component update information, the repair category attribute of the vulnerability repair reference vector set for the vulnerability repair activity of that repair node is changed to the target repair category attribute. This prevents the vulnerability repair reference vector set of the same vulnerability repair activity from being used as the basis for a vulnerability repair update multiple times, which would increase the amount of computation.
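The threshold logic of step S2005 and the attribute change that follows it, written out as an added Python example; it is not code from the patent. The class and function names, the thresholds 30 and 70, the closed range bounds, the integer priority adjusted by 1, and the `TARGET_ATTR` marker value are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Policy(Enum):
    LOWER_PRIORITY = "lower"   # first repair update behavior
    RAISE_PRIORITY = "raise"   # second repair update behavior
    NO_UPDATE = "none"         # strength between the two target strengths


# Hypothetical stand-in for the "target repair category attribute".
TARGET_ATTR = "target"


@dataclass
class RepairActivity:
    node: str                             # repair node of the activity
    strength: float                       # vulnerability repair strength, 0..100
    category_attr: Optional[str] = None   # None: target attribute not carried


@dataclass(frozen=True)
class StrengthConfig:
    first_range: Tuple[float, float]      # (a, b)
    second_range: Tuple[float, float]     # (c, d)
    first_target: float                   # first target strength
    second_target: float                  # second target strength

    def __post_init__(self) -> None:
        a, b = self.first_range
        c, d = self.second_range
        # Constraints stated in the text: b <= first target, c >= second target.
        if not (0 <= a < b <= self.first_target):
            raise ValueError("first range must lie within [0, first_target]")
        if not (self.second_target <= c < d <= 100):
            raise ValueError("second range must lie within [second_target, 100]")
        if not self.first_target < self.second_target:
            raise ValueError("first target strength must be below the second")


def choose_policy(strength: float, cfg: StrengthConfig) -> Policy:
    """Map a repair strength to an update policy (bounds closed by assumption)."""
    if not 0 <= strength <= 100:
        raise ValueError(f"strength {strength} outside the configured 0..100 scale")
    a, b = cfg.first_range
    c, d = cfg.second_range
    if a <= strength <= b:
        return Policy.LOWER_PRIORITY
    if c <= strength <= d:
        return Policy.RAISE_PRIORITY
    return Policy.NO_UPDATE


def run_update_pass(activities: List[RepairActivity],
                    priorities: Dict[str, int],
                    cfg: StrengthConfig) -> List[Tuple[str, Policy]]:
    """Apply one update pass and return the decision taken for each activity.

    Activities that already carry the target attribute are skipped, so the same
    reference data is never used twice as the basis for an update.
    """
    decisions: List[Tuple[str, Policy]] = []
    for act in activities:
        if act.category_attr == TARGET_ATTR:
            continue
        policy = choose_policy(act.strength, cfg)
        decisions.append((act.node, policy))
        if policy is Policy.NO_UPDATE:
            continue  # component left unchanged, attribute left unchanged
        delta = 1 if policy is Policy.RAISE_PRIORITY else -1
        priorities[act.node] = priorities.get(act.node, 0) + delta
        act.category_attr = TARGET_ATTR  # mark as consumed after the update
    return decisions


def demo() -> Tuple[list, list, Dict[str, int]]:
    # Constructed sample data, not taken from the patent.
    cfg = StrengthConfig((0, 30), (70, 100), first_target=30, second_target=70)
    acts = [RepairActivity("node-a", 12),
            RepairActivity("node-b", 55),
            RepairActivity("node-c", 91)]
    prio = {"node-a": 5, "node-b": 5, "node-c": 5}
    first = run_update_pass(acts, prio, cfg)
    second = run_update_pass(acts, prio, cfg)  # marked activities are skipped
    return first, second, prio


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running the pass twice over the same activities changes each priority at most once, which is the effect the attribute change is meant to guarantee.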
In an embodiment that may be based on an independent concept, the vulnerability repair component update model may be obtained by performing model convergence configuration on a training basic data set collected in advance. The embodiment of the present application further provides a vulnerability repair update method based on artificial intelligence training, which may include the following steps S1000 to S4000, described below by way of example.
S1000: acquire a target application software service sequence that includes different application tag features, and past vulnerability repair activity data that is labelled with repair category attributes and corresponds to different vulnerability repair positions.
S2000: obtain a knowledge entity configuration vector set corresponding to the vulnerability repair component update model, based on the application tag features of the target application software service sequence and the past vulnerability repair activity data of the vulnerability repair positions, where the knowledge entity configuration vector set includes different reference vulnerability repair reference vector sets.
S3000: determine different vulnerability repair strength ranges, and split each reference vulnerability repair reference vector set included in the knowledge entity configuration vector set by range, based on the corresponding vulnerability repair strength range, to obtain training basic data sets of different vulnerability repair strengths corresponding to the vulnerability repair component update model, where each training basic data set includes a plurality of reference vulnerability repair reference vector sets. For example, a plurality of vulnerability repair strength ranges may be determined from a set overall vulnerability repair strength range such as 0 to 100, which may be divided into strength ranges such as 0 to 15, 16 to 25, 26 to 35, 36 to 45, 46 to 55, 56 to 65, 66 to 75, 86 to 100. The strength values corresponding to the reference vulnerability repair reference vector sets in the knowledge entity configuration vector set are then split by range, and each set is assigned to the vulnerability repair type of the strength range in which its strength value falls. Performing model convergence configuration on the repair priority update model with the divided training basic data sets can therefore improve the network training speed.
In addition, determining different vulnerability repair strength ranges in step S3000, and splitting the knowledge entity configuration vector set by range based on the corresponding vulnerability repair strength range to obtain training basic data sets of different vulnerability repair strengths corresponding to the vulnerability repair component update model, can be implemented through the following steps.
Firstly, determining an application software service class label associated with the vulnerability repair component update model, and determining vulnerability repair strengths in different strength ranges based on that application software service class label. For example, the application software service class label may be an e-commerce class label, a smart medical class label, or the like. Vulnerability repair strengths corresponding to different strength ranges can be set for different actual conditions;
then, determining the vulnerability repair strength data corresponding to each reference vulnerability repair reference vector set in the knowledge entity configuration vector set;
and finally, processing the vulnerability repair strength data corresponding to each reference vulnerability repair reference vector set in the knowledge entity configuration vector set, based on a gradient descent algorithm of the vulnerability repair component update model and the vulnerability repair strengths in different strength ranges, to obtain the training basic data sets used for training on the different vulnerability repair strengths corresponding to the vulnerability repair component update model.
S4000: perform model convergence configuration on the vulnerability repair component update model based on the training basic data sets of different vulnerability repair strengths to obtain a converged vulnerability repair component update model, which is used to update the vulnerability repair component of the target application software service at the vulnerability repair position.
In an embodiment that may be based on an independent concept, step S4000 may be implemented by the following steps.
Firstly, updating a vector mining structure in a model through the vulnerability repair component, processing each reference vulnerability repair reference vector set in the training basic data set, and determining first weight parameter information of the vector mining structure; processing each reference vulnerability repair reference vector set in the training basic data set through the vector mining structure based on first weight parameter information of the vector mining structure, and determining a risk learning evaluation coefficient of the vector mining structure; iteratively updating the weight information of the vector mining structure through each reference vulnerability remediation reference vector set in the training basic data set based on the risk learning evaluation coefficient of the vector mining structure until the training termination requirement is met to obtain a reference vulnerability remediation reference vector of the converged vector mining structure for each reference vulnerability remediation reference vector set in the training basic data set;
secondly, processing each reference vulnerability repair reference vector set in the training basic data set through the vulnerability repair strength analysis structure based on first weight parameter information of the vulnerability repair strength analysis structure, and determining a risk learning evaluation coefficient of the vulnerability repair strength analysis structure; iteratively updating the weight information of the vulnerability repair strength analysis structure through each reference vulnerability repair reference vector set in the training basic data set based on the risk learning evaluation coefficient of the vulnerability repair strength analysis structure until the training termination requirement is met to obtain a converged vulnerability repair strength analysis structure;
thirdly, processing each reference vulnerability repair reference vector set in the training basic data set through an update structure in the vulnerability repair component update model to determine first weight parameter information of the update structure; processing the reference vulnerability repair reference vector of each reference vulnerability repair reference vector set in the training basic data set through the updating structure based on the first weight parameter information of the updating structure to obtain a risk learning evaluation coefficient of the updating structure; and iteratively updating the risk learning evaluation coefficient of the updated structure through the training basic data set until the training termination requirement is met, and obtaining the converged updated structure.
In an embodiment, which may be based on independent concepts, the network structure of the vulnerability repair component update model may be, but is not limited to, a convolutional neural network, a deep learning network, an adversarial network, and the like.
Based on the vulnerability repair component update model, in step S2004, vulnerability repair strength analysis is performed on the knowledge entity configuration vector set not carrying the target repair category attribute through the vulnerability repair component update model, and vulnerability repair component update information of the target application software service is obtained based on vulnerability repair strength data, which may include the following steps a to c.
a. Mining each vulnerability repair reference vector set in the knowledge entity configuration vector set which does not carry the target repair category attribute through the vector mining structure, to obtain a reference vulnerability repair reference vector of each vulnerability repair reference vector set and a vulnerability repair knowledge graph of the vulnerability repair position corresponding to each vulnerability repair reference vector set.
b. Inputting the reference vulnerability repair reference vectors of the vulnerability repair reference vector sets into the vulnerability repair strength analysis structure for vulnerability repair strength analysis, to obtain the vulnerability repair strength corresponding to each vulnerability repair reference vector set, and obtaining a vulnerability repair strength sequence based on the vulnerability repair strengths and the vulnerability repair positions corresponding to the respective vulnerability repair reference vector sets. The vulnerability repair strength analysis comprises the following steps:
firstly, performing position association analysis on reference vulnerability repair reference vectors of each vulnerability repair reference vector set to obtain a plurality of vulnerability repair positions corresponding to the vulnerability repair reference vector set; the same vulnerability repair positions aiming at the same repair node can be grouped into one type;
then, calculating the number of reference vectors of each vulnerability repair position in the vulnerability repair reference vector set, and obtaining the importance level corresponding to each vulnerability repair position; for vulnerability repair positions corresponding to different repair nodes, different importance levels can be set respectively based on the importance of the corresponding repair nodes;
then, obtaining the vulnerability repair strength corresponding to each vulnerability repair position based on the number of reference vectors and the importance level corresponding to each vulnerability repair position, and forming the vulnerability repair strength sequence based on the vulnerability repair strength corresponding to each vulnerability repair position.
c. Inputting the vulnerability repair strength sequence into the updating structure, and calculating the vulnerability repair strength sequence through the updating structure to obtain vulnerability repair component update information for the target application software service.
In detail, in step c, the vulnerability repair positions may be sorted by strength value based on the vulnerability repair strengths corresponding to the vulnerability repair positions in the vulnerability repair strength sequence, N high-strength vulnerability repair positions and M low-strength vulnerability repair positions are determined as candidate vulnerability repair activities based on the sorting result, and the vulnerability repair component update information of the target application software service for the repair node corresponding to each candidate vulnerability repair activity is obtained based on the vulnerability repair knowledge graph corresponding to the candidate vulnerability repair activities. For example, after the vulnerability repair positions are sorted by strength value, the first N vulnerability repair positions are used as the high-strength vulnerability repair positions and the last M vulnerability repair positions are used as the low-strength vulnerability repair positions, which is not limited here.
In an embodiment that may be based on an independent concept, in step c, each vulnerability repair position may be mapped to a strength range according to its vulnerability repair strength in the vulnerability repair strength sequence, the vulnerability repair positions in a set target high-strength range and the vulnerability repair positions in a set target low-strength range are used as candidate vulnerability repair activities that need to be updated, and the vulnerability repair component update information of the target application software service for the repair node corresponding to each candidate vulnerability repair activity is obtained based on the vulnerability repair knowledge graph corresponding to the candidate vulnerability repair activities.
In this way, it can be determined that the candidate vulnerability repair activities with high strength and low strength perform vulnerability repair updating on the vulnerability repair component of the target application software service for the corresponding repair node.
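As an added illustration of steps b and c above (not part of the patent text), the following Python example groups reference vectors by repair node and repair position, derives a strength per position, and selects candidates either by rank (first N, last M) or by strength range. The strength formula (vector count multiplied by importance level), the node names, the importance levels and the sample vectors are assumptions constructed for the example; the text only states that the strength is based on both quantities.

```python
from collections import Counter
from typing import NamedTuple


class ReferenceVector(NamedTuple):
    node: str      # repair node the vector belongs to (hypothetical name)
    position: str  # repair position found by position association analysis


# Assumed importance level per repair node (constructed values).
NODE_IMPORTANCE = {"auth-service": 3, "payment-api": 2, "static-assets": 1}

# Constructed sample input: one entry per reference vector.
SAMPLE_VECTORS = (
    [ReferenceVector("auth-service", "session-token-check")] * 4
    + [ReferenceVector("payment-api", "input-validation")] * 3
    + [ReferenceVector("static-assets", "cache-header")] * 5
    + [ReferenceVector("auth-service", "password-reset")] * 1
    + [ReferenceVector("payment-api", "tls-config")] * 1
)


def strength_sequence(vectors, importance):
    """Return [((node, position), strength), ...] sorted by descending strength.

    Identical positions on the same repair node are grouped into one entry.
    Assumption: strength = number of reference vectors * importance level.
    """
    counts = Counter((v.node, v.position) for v in vectors)
    sequence = []
    for (node, position), count in counts.items():
        if node not in importance:
            # Surface unconfigured nodes instead of silently ranking them.
            raise ValueError(f"no importance level configured for node {node!r}")
        sequence.append(((node, position), count * importance[node]))
    # Ties are broken by key so the ordering is deterministic.
    return sorted(sequence, key=lambda item: (-item[1], item[0]))


def select_by_rank(sequence, n, m):
    """First N entries are high-strength, last M of the remainder are low-strength."""
    high = sequence[:n]
    rest = sequence[n:]  # a position is never both high and low
    low = rest[-m:] if m > 0 else []
    return high, low


def select_by_range(sequence, high_range, low_range):
    """Select entries whose strength lies in inclusive (min, max) ranges."""
    def within(strength, bounds):
        return bounds[0] <= strength <= bounds[1]

    high = [item for item in sequence if within(item[1], high_range)]
    low = [item for item in sequence
           if within(item[1], low_range) and item not in high]
    return high, low


if __name__ == "__main__":
    seq = strength_sequence(SAMPLE_VECTORS, NODE_IMPORTANCE)
    for key, strength in seq:
        print(key, strength)
    print("by rank :", select_by_rank(seq, n=2, m=1))
    print("by range:", select_by_range(seq, (6, float("inf")), (0, 2)))
```

With the sample data, the position with the most reference vectors (static-assets, five vectors) ranks third because its node carries the lowest importance level, which is the effect of combining count and importance.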
The vulnerability repair component update information may include a current vulnerability repair component of the target application software service for the repair node corresponding to each candidate vulnerability repair activity, vulnerability repair components to be updated, and component repair update behaviors corresponding to each vulnerability repair component to be updated.
In addition, in an embodiment that may be based on an independent concept, the target output vulnerability discovery distribution may be implemented by the following vulnerability discovery method based on big data vulnerability discovery, which is exemplarily described as follows.
Step S10, acquiring a first vulnerability mining distribution mined by a first big data vulnerability mining network; the first big data vulnerability mining network is one of a plurality of big data vulnerability mining networks corresponding to the specified mining path, and the plurality of big data vulnerability mining networks corresponding to the specified mining path are used for conducting software service vulnerability mining on the specified mining path.
In an embodiment based on an independent concept, different big data vulnerability mining networks can be respectively configured for a specified mining path based on different mining dimensions (such as information security dimension, service operation stability dimension and the like). The big data vulnerability mining network can be a mining network obtained by carrying out sample training in advance, and specific samples can be selected based on specific mining dimensions.
Step S20, when the adjustment of the mining path of the first big data vulnerability mining network is finished and a second big data vulnerability mining network for which the mining path adjustment has not been performed is detected, adding the first vulnerability mining distribution to a temporary vulnerability distribution output queue.
In an embodiment that may be based on an independent concept, determining that the first big data vulnerability mining network mining path adjustment is finished may be: and storing vulnerability mining distribution of the first big data vulnerability mining network in the transit output storage area, and determining that the adjustment of the mining path of the first big data vulnerability mining network is finished when the mining path adjustment situation of the first big data vulnerability mining network is in a set state and the first vulnerability mining distribution is different from the vulnerability mining distribution of the first big data vulnerability mining network stored in the transit output storage area.
Further, when there is no failure in adjusting the mining path, if the adjustment of the mining path is not performed, the data volume of the vulnerability mining distribution mined by the big data vulnerability mining network will be slowly increased, and the vulnerability mining distribution mined by the big data vulnerability mining network obtained currently will be more than the vulnerability mining distribution of the big data vulnerability mining network stored in the transit output storage area; if the mining path is adjusted, the vulnerability mining distribution mined by the big data vulnerability mining network is cleared, and then the data volume is slowly increased. Therefore, when the obtained first big data vulnerability mining network is different from the vulnerability mining distribution of the first big data vulnerability mining network stored in the transit output storage area corresponding to the storage vulnerability mining distribution, for example, the transit output storage area stores the vulnerability mining distribution of the first big data vulnerability mining network, and the mining path adjustment situation of the first big data vulnerability mining network is in a set state, it can be determined that the adjustment of the mining path of the first big data vulnerability mining network is finished.
In an embodiment based on an independent concept, specific nodes of a plurality of big data vulnerability mining networks corresponding to specified mining paths for completing mining path adjustment are different, namely when a certain big data vulnerability mining network completes mining path adjustment, other big data vulnerability mining networks may exist for completing mining path adjustment.
Based on this, when the first vulnerability mining distribution of the first big data vulnerability mining network is obtained, whether the first big data vulnerability mining network has finished the mining path adjustment can be judged. When the mining path adjustment of the first big data vulnerability mining network is finished, it is determined whether a second big data vulnerability mining network for which the mining path adjustment has not been performed exists among the big data vulnerability mining networks corresponding to the specified mining path.
In an embodiment based on an independent concept, due to the fact that adjustment of a part of large data vulnerability mining networks is finished, when the adjustment of mining paths is not carried out on part of large data vulnerability mining networks, if acquired vulnerability mining distributions are all recorded into a transfer output storage area used for storing the vulnerability mining distributions, the transfer output storage area used for storing the vulnerability mining distributions can simultaneously store the vulnerability mining distributions mined by the large data vulnerability mining networks after the adjustment of the mining paths is finished and the vulnerability mining distributions mined by the large data vulnerability mining networks without the adjustment of the mining paths. In this way, there may be an error in the vulnerability discovery sequence based on the discovery path corresponding to the vulnerability discovery distribution stored in the transit output storage area corresponding to the storage vulnerability discovery distribution.
When a large data vulnerability mining network without mining path adjustment exists, the vulnerability mining distribution mined by the large data vulnerability mining network after the mining path adjustment is finished can be added in a temporary vulnerability distribution output queue.
For example, the temporary vulnerability distribution output queue may be used to add the vulnerability mining distribution mined by the big data vulnerability mining network with the end of mining path adjustment after the end of mining path adjustment when there is a big data vulnerability mining network with the end of mining path adjustment and there is a big data vulnerability mining network without mining path adjustment.
Correspondingly, in order to improve the accuracy of vulnerability mining distribution software service, when the adjustment of the mining path of the first big data vulnerability mining network is finished and a second big data vulnerability mining network exists at present, the first vulnerability mining distribution can be added to the temporary vulnerability distribution output queue.
Step S30, determining the target output vulnerability mining distribution corresponding to the specified mining path based on the vulnerability mining distribution added in the temporary vulnerability distribution output queue and the vulnerability mining distribution stored in the transit output storage area corresponding to the storage vulnerability mining distribution.
In an embodiment based on an independent concept, when a big data vulnerability mining network with the adjusted mining path exists in each big data vulnerability mining network corresponding to the appointed mining path and a big data vulnerability mining network without the adjusted mining path exists, the target output vulnerability mining distribution corresponding to the appointed mining path is determined based on vulnerability mining distribution added in a temporary vulnerability distribution output queue and vulnerability mining distribution stored in a transit output storage area corresponding to the stored vulnerability mining distribution, so that the accuracy of software service vulnerability mining for the appointed mining path is improved.
For example, for a big data vulnerability mining network with any mining path adjusted, the vulnerability mining distribution of the big data vulnerability mining network added in the temporary vulnerability distribution output queue and the vulnerability mining distribution of the big data vulnerability mining network in the transit output storage area corresponding to the storage vulnerability mining distribution can be determined as the target output vulnerability mining distribution of the big data vulnerability mining network.
According to the design, when the big data vulnerability mining network with the adjusted mining path exists in each big data vulnerability mining network corresponding to the appointed mining path and the big data vulnerability mining network without the adjusted mining path exists, the vulnerability mining distribution mined by the big data vulnerability mining network with the adjusted mining path is added to the temporary vulnerability distribution output queue, and then the target output vulnerability mining distribution corresponding to the appointed mining path can be determined based on the vulnerability mining distribution added to the temporary vulnerability distribution output queue and the vulnerability mining distribution stored in the transfer output storage area corresponding to the stored vulnerability mining distribution, so that the accuracy of software service vulnerability mining of the appointed mining path is improved.
In an embodiment that may be based on an independent concept, when the adjustment of the mining path of the first big data vulnerability mining network is completed, the vulnerability mining distribution of the first target vulnerability mining network stored in the transit output storage area may be further synchronized to be the vulnerability mining distribution of each first target vulnerability mining network added in the temporary vulnerability distribution output queue, the vulnerability mining distribution of the first big data vulnerability mining network stored in the transit output storage area is adjusted to be the first vulnerability mining distribution, and the added vulnerability mining distribution of each big data vulnerability mining network corresponding to the designated mining path is initialized. The first target vulnerability mining network is other big data vulnerability mining networks except the first big data vulnerability mining network in each big data vulnerability mining network corresponding to the specified mining path.
In an embodiment based on an independent concept, if any big data vulnerability mining network does not carry out mining path adjustment, the current mining path adjustment process does not carry out mining path adjustment again when the big data vulnerability mining network finishes the mining path adjustment in the previous mining path adjustment process, or when the mining path adjustment fails in the previous mining path adjustment process, the current mining path adjustment process finishes the first mining path adjustment. In this way, in step S20, when the first big data vulnerability mining network mining path adjustment is finished and the second big data vulnerability mining network for which the mining path adjustment has not been performed is detected, the following contents may be further included.
Firstly, when the adjustment of the mining path of the second big data vulnerability mining network fails, configuring the network tag attribute of the first big data vulnerability mining network into a set state corresponding to the adjustment of the mining path, synchronizing the vulnerability mining distribution of the first big data vulnerability mining network stored in the transit output storage area into the first vulnerability mining distribution, and initializing the vulnerability mining distribution of the first big data vulnerability mining network added in the temporary vulnerability distribution output queue.
Then, when a second target vulnerability mining network exists, configuring the network tag attribute of the second target vulnerability mining network into a set state corresponding to non-mining path adjustment, correspondingly synchronizing the vulnerability mining distribution of the second target vulnerability mining network stored in the transit output storage area as the vulnerability mining distribution of each second target vulnerability mining network added in the temporary vulnerability distribution output queue, and initializing the vulnerability mining distribution of the second target vulnerability mining network added in the temporary vulnerability distribution output queue. In an embodiment that may be based on an independent concept, the second target vulnerability mining network is another big data vulnerability mining network except the first big data vulnerability mining network and the second big data vulnerability mining network in each big data vulnerability mining network corresponding to the specified mining path, and the mining path adjustment failure means that the big data vulnerability mining network does not execute the mining path adjustment due to the collapse of the adjustment process. Therefore, when the second big data vulnerability mining network mining path adjustment fails, the step of adding the first vulnerability mining distribution to the temporary vulnerability distribution output queue is executed.
In an embodiment that may be based on an independent concept, when the adjustment of the first big data vulnerability mining network mining path is finished and a second big data vulnerability mining network currently exists, and when the adjustment of the second big data vulnerability mining network mining path fails, the vulnerability mining distribution of the second big data vulnerability mining network stored in the transit output storage area may be added to the temporary vulnerability distribution output queue. And when a second vulnerability mining distribution mined by the second big data vulnerability mining network is obtained, determining whether vulnerability mining sequences in the second vulnerability mining distribution are all empty sets. And then, when the vulnerability mining sequences in the second vulnerability mining distribution are all empty sets, configuring the network tag attribute of the second big data vulnerability mining network into a set state corresponding to non-mining path adjustment, initializing the vulnerability mining distribution of the second big data vulnerability mining network added in the temporary vulnerability distribution output queue, and synchronizing the vulnerability mining distribution of the second big data vulnerability mining network stored in the transit output storage area into the second vulnerability mining distribution. And when the vulnerability mining sequence in any second vulnerability mining distribution is not an empty set, deleting the vulnerability mining distribution of the second big data vulnerability mining network added in the temporary vulnerability distribution output queue from the second vulnerability mining distribution to obtain a third vulnerability mining distribution, and synchronizing the vulnerability mining distribution of the second big data vulnerability mining network stored in the transfer output storage area into the third vulnerability mining distribution.
In an embodiment which can be based on an independent concept, when the adjustment of the mining path of the first big data vulnerability mining network is finished, whether the mining path adjustment situation of the first big data vulnerability mining network matches a target situation characteristic is judged; and when the mining path adjustment situation of the first big data vulnerability mining network matches the target situation characteristic and a second big data vulnerability mining network exists at present, it is determined that the second big data vulnerability mining network fails to adjust the mining path.
Wherein, the mining path adjustment situation comprises mining vulnerability situation data, and determining whether the mining path adjustment situation of the first big data vulnerability mining network matches with the target situation characteristics comprises:
determining whether the mining vulnerability situation data corresponding to the first big data vulnerability mining network reaches a preset vulnerability situation quantity, wherein the mining vulnerability situation data represents the amount of mined vulnerability data in the vulnerability mining distribution of the first big data vulnerability mining network when the mining path adjustment is finished;
and when the mining vulnerability situation data corresponding to the first big data vulnerability mining network reaches the preset vulnerability situation quantity, determining that the mining path adjustment situation of the first big data vulnerability mining network matches the target situation characteristic.
Or, the mining path adjustment situation may include a mining path adjustment progress at the end of the mining path adjustment, and the determining whether the mining path adjustment situation of the first big data vulnerability mining network matches the target situation characteristic may include:
determining whether the mining path adjustment progress of the first big data vulnerability mining network after the adjustment is finished reaches a target progress; and when the mining path adjustment progress of the first big data vulnerability mining network after the adjustment is finished reaches the target progress, determining that the mining path adjustment situation of the first big data vulnerability mining network matches the target situation characteristic.
Further, in an embodiment that may be based on an independent concept, when the second big data vulnerability mining network fails to adjust the mining path, a third target vulnerability mining network may be initialized, where the third target vulnerability mining network is another big data vulnerability mining network except the second big data vulnerability mining network in each big data vulnerability mining network corresponding to the specified mining path.
Based on the above steps, when the adjustment of the mining path of the first big data vulnerability mining network is finished, in this embodiment, when the mining path adjustment situation of the first big data vulnerability mining network does not match the target situation characteristic and the second big data vulnerability mining network does not exist, the network tag attributes of each big data vulnerability mining network corresponding to the specified mining path are configured to be the set state corresponding to non-mining path adjustment, and the mining path adjustment situation of each big data vulnerability mining network corresponding to the specified mining path is initialized. For example, initializing the mining path adjustment situation includes setting the mining vulnerability situation data or the mining path adjustment progress to null.
In addition, the mining path adjustment situation may further include mining vulnerability situation data, and on the basis of the content, the determining whether the mining path adjustment situation of the first big data vulnerability mining network matches the target situation feature may include the following contents:
when the mining vulnerability situation data corresponding to the first big data vulnerability mining network does not reach the preset vulnerability situation quantity, determining that the mining path adjustment situation of the first big data vulnerability mining network does not match the target situation characteristic;
or, the mining path adjustment situation includes a mining path adjustment progress after the mining path adjustment is finished, and determining whether the mining path adjustment situation of the first big data vulnerability mining network matches the target situation characteristic further includes:
and when the mining path adjustment progress of the first big data vulnerability mining network after the adjustment is finished does not reach the target progress, determining that the mining path adjustment situation of the first big data vulnerability mining network does not match the target situation characteristic.
When the mining path adjustment situation comprises mining vulnerability situation data, the method further comprises: summarizing the mining vulnerability situation data corresponding to the first big data vulnerability mining network when the mining path adjustment situation of the first big data vulnerability mining network does not match the target situation characteristic and a second big data vulnerability mining network exists at present.
In an embodiment based on an independent concept, when a big data vulnerability mining network with the adjusted mining path and a big data vulnerability mining network without the adjusted mining path exist in each big data vulnerability mining network corresponding to the specified mining path, the vulnerability mining distribution added in the temporary vulnerability distribution output queue comprises the vulnerability mining distribution mined by the big data vulnerability mining network with the adjusted mining path when the current mining path is adjusted, and the vulnerability mining distribution stored in the transit output storage area comprises the vulnerability mining distribution mined by the big data vulnerability mining network with the adjusted mining path before the current mining path is adjusted, and the vulnerability mining distribution of the big data vulnerability mining network without the adjusted mining path.
Based on the vulnerability mining distribution added in the temporary vulnerability distribution output queue and the vulnerability mining distribution stored in the transit output storage area corresponding to the storage vulnerability mining distribution, the target output vulnerability mining distribution corresponding to the specified mining path is determined, and the method can be realized in the following manner.
Firstly, the whole analysis information of the first category vulnerability mining sequences in the newly added vulnerability mining distribution of the big data vulnerability mining network with the adjusted mining path added in the temporary vulnerability distribution output queue and the vulnerability mining distribution stored in the transit output storage area added in the last time of each big data vulnerability mining network can be compared with the whole analysis information of the second category vulnerability mining sequences in the newly added vulnerability mining distribution of the big data vulnerability mining network with the adjusted mining path added in the temporary vulnerability distribution output queue and the vulnerability mining distribution stored in the transit output storage area added in the last time of each big data vulnerability mining network, so as to obtain the determination result of the software service vulnerability information in the specified mining path.
Wherein, in each big data vulnerability mining network corresponding to the specified mining path, a big data vulnerability mining network without mining path adjustment exists, and a big data vulnerability mining network with failed mining path adjustment exists, but when the big data vulnerability mining network with finished mining path adjustment does not exist, the vulnerability mining distribution added in the temporary vulnerability distribution output queue comprises the vulnerability mining distribution which is recently mined by the big data vulnerability mining network with failed mining path adjustment before the big data vulnerability mining network is determined to be failed mining path adjustment, the vulnerability mining distribution which is stored in the transfer output storage area and is mined by other big data vulnerability mining networks in each big data vulnerability mining network except the big data vulnerability mining network with failed mining path adjustment, and the vulnerability mining distribution which is mined by the big data vulnerability mining network with failed mining path adjustment after the big data vulnerability mining network with failed mining path adjustment is determined to be failed mining path adjustment, and the big data vulnerability mining network And adding, by the mining network, the difference information of the recently mined vulnerability mining distribution before being determined as failure of mining path adjustment in a temporary vulnerability distribution output queue.
Based on this, determining the target output vulnerability mining distribution corresponding to the specified mining path based on the vulnerability mining distribution added to the temporary vulnerability distribution output queue and the vulnerability mining distribution stored in the transit output storage area corresponding to the storage vulnerability mining distribution may include:
and comparing and analyzing the whole analysis information of the first category vulnerability mining sequences in the vulnerability mining distribution which is added recently by each big data vulnerability mining network and stored in the transfer output storage area with the whole analysis information of the second category vulnerability mining sequences in the vulnerability mining distribution which is added recently by each big data vulnerability mining network and stored in the transfer output storage area, and obtaining a determination result of the software service vulnerability information in the specified mining path as the target output vulnerability mining distribution.
Fig. 3 illustrates a hardware structural diagram of the artificial intelligence mining system 100 for implementing the above-described vulnerability repairing method based on big data vulnerability mining, according to an embodiment of the present application. As shown in Fig. 3, the artificial intelligence mining system 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a communication unit 140.
In a specific implementation process, at least one processor 110 executes computer-executable instructions recorded in the machine-readable storage medium 120, so that the processor 110 may execute the vulnerability repairing method based on big data vulnerability mining according to the above method embodiment. The processor 110, the machine-readable storage medium 120, and the communication unit 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiving action of the communication unit 140, so as to perform data transceiving with the cloud service system 200.
For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the artificial intelligence mining system 100; the implementation principles and technical effects are similar and are not described again here.
In addition, an embodiment of the present application further provides a readable storage medium in which computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the vulnerability repairing method based on big data vulnerability mining described above is implemented.
Finally, it should be understood that the examples in this specification are only intended to illustrate the principles of the examples in this specification. Other variations are also possible within the scope of this description. Accordingly, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be seen as matching the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (9)

1. A vulnerability repair method based on big data vulnerability mining, characterized by comprising the following steps:
acquiring a specified mining path, a vulnerability repair reference vector set which is corresponding to a target application software service and does not carry vulnerability repair activities of target repair category attributes and target output vulnerability mining distribution corresponding to the specified mining path based on change indication information of a vulnerability repair component aiming at the target application software service;
based on the vulnerability repair reference vector set of the vulnerability repair activities which do not carry the target repair category attributes, obtaining vulnerability repair component update information aiming at the target application software service through a vulnerability repair component update model which is subjected to AI training in advance, and updating the vulnerability repair components of the target application software service;
performing vulnerability repair on the target application software service through the updated vulnerability repair component based on the target output vulnerability mining distribution;
wherein obtaining, based on the vulnerability repair reference vector set of the vulnerability repair activities which do not carry the target repair category attributes, vulnerability repair component update information for the target application software service through the vulnerability repair component update model which is subjected to AI training in advance, and updating the vulnerability repair component of the target application software service, comprises:
determining different bug fixing positions respectively corresponding to bug fixing reference vector sets which do not carry bug fixing activities of target fixing category attributes and correspond to the target application software service;
determining vulnerability repair knowledge maps corresponding to the different vulnerability repair positions based on the different vulnerability repair positions;
based on the vulnerability repair knowledge graph, performing knowledge entity configuration on a vulnerability repair reference vector set which does not carry vulnerability repair activities of the target repair category attribute and corresponds to the target application software service to obtain a knowledge entity configuration vector set which does not carry the target repair category attribute and corresponds to the corresponding vulnerability repair position;
performing vulnerability repair strength analysis on the knowledge entity configuration vector set which does not carry the target repair category attribute through the vulnerability repair component update model, and obtaining vulnerability repair component update information of the target application software service based on vulnerability repair strength data, wherein the vulnerability repair component update model comprises a vector mining structure, a vulnerability repair strength analysis structure and an update structure;
sending vulnerability repair component update information of the target application software service to a vulnerability repair process corresponding to the target application software service so as to perform vulnerability repair update on vulnerability repair components of repair nodes corresponding to candidate vulnerability repair activities of the target application software service;
the vulnerability repair reference vector set is used for representing reference repair strategy characteristic information in the previous vulnerability repair process.
2. The vulnerability repair method based on big data vulnerability mining according to claim 1, wherein the vulnerability repair component update information includes a repair node corresponding to a candidate vulnerability repair activity whose vulnerability repair strength, obtained based on vulnerability repair strength data, is within a target repair strength range, and a vulnerability repair update policy for the corresponding repair node, and wherein sending the vulnerability repair component update information of the target application software service to the vulnerability repair process corresponding to the target application software service, so as to perform vulnerability repair update on the vulnerability repair component of the target application software service for the repair node corresponding to the candidate vulnerability repair activity, comprises:
when the bug repair strength of the target application software service for the repaired node is within a first target repair strength range corresponding to a first repair update behavior, updating a bug repair component of the target application software service for the repaired node in an artificial intelligence mining system according to the bug repair component update information, and sending the update content to a bug repair process corresponding to the target application software service, wherein a bug repair update strategy for the repaired node comprises reducing the repair priority of the target application software service for the repaired node, and the maximum repair strength of the first target repair strength range is not greater than a first target strength;
when the bug repair strength of the target application software service for the repaired node is within a second target repair strength range corresponding to a second repair update behavior, starting a process of updating, repairing and configuring a software function project corresponding to the target application software service, and after the software function project corresponding to the target application software service is subjected to updating and repairing, updating a bug repair component of the target application software service for the repaired node in the artificial intelligence mining system according to the bug repair component update information, wherein a bug repair update strategy for the repaired node comprises improving the repair priority of the target application software service for the repaired node, and the minimum repair strength of the second target repair strength range is not less than a second target strength;
and after updating the vulnerability repair component of the target application software service for the repair node according to the vulnerability repair component update information, modifying the repair category attribute of the target application software service for the vulnerability repair reference vector set of the vulnerability repair activity of the repair node into the target repair category attribute.
3. The vulnerability repair method based on big data vulnerability mining according to claim 1, wherein the method further comprises:
acquiring a target application software service sequence with different application label characteristics and past bug fixing activity data which are marked with fixing type attributes and correspond to different bug fixing positions;
obtaining a knowledge entity configuration vector set corresponding to the vulnerability repair component update model based on the application tag characteristics of the target application software service sequence and the past vulnerability repair activity data of the vulnerability repair position, wherein the knowledge entity configuration vector set comprises different reference vulnerability repair reference vector sets;
determining different vulnerability repair strength ranges, and performing range splitting on each reference vulnerability repair reference vector set included in the knowledge entity configuration vector set based on the corresponding vulnerability repair strength range to obtain training basic data sets with different vulnerability repair strengths corresponding to the vulnerability repair component update model, wherein each training basic data set comprises a plurality of reference vulnerability repair reference vector sets;
and carrying out model convergence configuration on the vulnerability repair component updating model based on the training basic data sets with different vulnerability repair strengths to obtain a vulnerability repair component updating model after model convergence configuration, so as to carry out vulnerability repair updating on the vulnerability repair component of the target application software service in the vulnerability repair device.
4. The vulnerability repair method based on big data vulnerability mining according to claim 3, wherein the determining of different vulnerability repair strength ranges and the range splitting of the knowledge entity configuration vector set based on the corresponding vulnerability repair strength ranges, to obtain training basic data sets with different vulnerability repair strengths corresponding to the vulnerability repair component update model, comprises:
determining an application software service class label associated with the vulnerability repair component update model, and determining vulnerability repair strengths in different strength ranges based on the application software service class label of the vulnerability repair component update model;
determining vulnerability repair intensity data corresponding to each reference vulnerability repair reference vector set in the knowledge entity configuration vector set;
processing vulnerability repair intensity data corresponding to each reference vulnerability repair reference vector set in the knowledge entity configuration vector set based on a gradient descent algorithm corresponding to the vulnerability repair component update model and vulnerability repair intensities in different intensity ranges to obtain training basic data sets used for training different vulnerability repair intensities corresponding to the vulnerability repair component update model;
the carrying out of model convergence configuration on the vulnerability repair component update model based on the training basic data sets with different vulnerability repair strengths, to obtain the vulnerability repair component update model after model convergence configuration, comprises:
processing each reference vulnerability repair reference vector set in the training basic data set through the vector mining structure in the vulnerability repair component update model, and determining first weight parameter information of the vector mining structure; processing each reference vulnerability repair reference vector set in the training basic data set through the vector mining structure based on the first weight parameter information of the vector mining structure, and determining a risk learning evaluation coefficient of the vector mining structure; iteratively updating the weight information of the vector mining structure through each reference vulnerability repair reference vector set in the training basic data set based on the risk learning evaluation coefficient of the vector mining structure until the training termination requirement is met, so as to obtain a converged vector mining structure for vector mining of the reference vulnerability repair reference vector of each reference vulnerability repair reference vector set in the training basic data set;
processing each reference vulnerability repair reference vector set in the training basic data set through the vulnerability repair strength analysis structure based on first weight parameter information of the vulnerability repair strength analysis structure, and determining a risk learning evaluation coefficient of the vulnerability repair strength analysis structure; iteratively updating the weight information of the vulnerability repair strength analysis structure through each reference vulnerability repair reference vector set in the training basic data set based on the risk learning evaluation coefficient of the vulnerability repair strength analysis structure until the training termination requirement is met, and obtaining a converged vulnerability repair strength analysis structure;
processing each reference vulnerability repair reference vector set in the training basic data set through an update structure in the vulnerability repair component update model to determine first weight parameter information of the update structure; processing the reference vulnerability repair reference vector of each reference vulnerability repair reference vector set in the training basic data set through the updating structure based on the first weight parameter information of the updating structure to obtain a risk learning evaluation coefficient of the updating structure; and iteratively updating the risk learning evaluation coefficient of the updated structure through the training basic data set until the training termination requirement is met, and obtaining the converged updated structure.
5. The vulnerability repair method based on big data vulnerability mining according to any one of claims 1-4, wherein performing vulnerability repair strength analysis on the knowledge entity configuration vector set which does not carry the target repair category attribute through the vulnerability repair component update model, and obtaining vulnerability repair component update information of the target application software service based on vulnerability repair strength data, comprises:
mining each vulnerability repair reference vector set in the knowledge entity configuration vector set which does not carry the target repair category attribute through the vector mining structure to obtain a reference vulnerability repair reference vector of each vulnerability repair reference vector set and a vulnerability repair knowledge-graph of a vulnerability repair position corresponding to each vulnerability repair reference vector set;
inputting the reference vulnerability repair reference vector of each vulnerability repair reference vector set into the vulnerability repair strength analysis structure for vulnerability repair strength analysis to obtain vulnerability repair strength corresponding to each vulnerability repair reference vector set, and obtaining a vulnerability repair strength sequence based on the vulnerability repair strength corresponding to each vulnerability repair reference vector set and the vulnerability repair position corresponding to each vulnerability repair reference vector set;
inputting the vulnerability repair strength sequence into the updating structure, and processing the vulnerability repair strength sequence through the updating structure to obtain vulnerability repair component updating information aiming at the target application software service; wherein:
the inputting of the reference vulnerability repair reference vector of each vulnerability repair reference vector set into the vulnerability repair strength analysis structure for vulnerability repair strength analysis to obtain the vulnerability repair strength corresponding to each vulnerability repair reference vector set, and the obtaining of a vulnerability repair strength sequence based on the vulnerability repair strength corresponding to each vulnerability repair reference vector set and the vulnerability repair position corresponding to each vulnerability repair reference vector set, comprises:
performing position association analysis on the reference vulnerability repair reference vectors of each vulnerability repair reference vector set to obtain a plurality of vulnerability repair positions corresponding to the vulnerability repair reference vector set;
calculating the number of reference vectors of each vulnerability repair position in the vulnerability repair reference vector set, and obtaining the importance level corresponding to each vulnerability repair position;
and acquiring the bug repairing strength corresponding to each bug repairing position based on the reference vector quantity corresponding to each bug repairing position and the importance level corresponding to each bug repairing position, and configuring the bug repairing strength sequence based on the bug repairing strength corresponding to each bug repairing position.
6. The vulnerability repair method based on big data vulnerability mining according to claim 5, wherein inputting the vulnerability repair strength sequence into the update structure, and processing the vulnerability repair strength sequence through the update structure to obtain vulnerability repair component update information for the target application software service, comprises:
sorting the vulnerability repair positions by strength value based on the vulnerability repair strength corresponding to each vulnerability repair position in the vulnerability repair strength sequence, determining N high-strength vulnerability repair positions and M low-strength vulnerability repair positions as candidate vulnerability repair activities based on the sorting result, and obtaining, based on the vulnerability repair knowledge graphs corresponding to the candidate vulnerability repair activities, the vulnerability repair component update information of the target application software service for the repair node corresponding to each candidate vulnerability repair activity, wherein N is a first target number and M is a second target number; or
dividing the vulnerability repair positions into different set strength ranges based on the vulnerability repair strength corresponding to each vulnerability repair position in the vulnerability repair strength sequence, taking the vulnerability repair positions in the set target high strength range and the vulnerability repair positions in the set target low strength range as candidate vulnerability repair activities, and obtaining, based on the vulnerability repair knowledge graphs corresponding to the candidate vulnerability repair activities, the vulnerability repair component update information of the target application software service for the repair node corresponding to each candidate vulnerability repair activity.
7. The vulnerability repair method based on big data vulnerability mining according to claim 6, wherein the vulnerability repair component update information comprises the current vulnerability repair components and the vulnerability repair components to be updated of the target application software service for the repair nodes corresponding to each candidate vulnerability repair activity, and the component repair update behaviors corresponding to each vulnerability repair component to be updated.
8. The vulnerability repair method based on big data vulnerability mining according to any one of claims 1-4, wherein the method further comprises:
acquiring a first vulnerability mining distribution mined by a first big data vulnerability mining network; the first big data vulnerability mining network is one of a plurality of big data vulnerability mining networks corresponding to a specified mining path, and the plurality of big data vulnerability mining networks corresponding to the specified mining path are used for performing software service vulnerability mining on the specified mining path;
when the adjustment of the mining path of the first big data vulnerability mining network is finished and a second big data vulnerability mining network which is not subjected to the adjustment of the mining path is detected, adding the first vulnerability mining distribution to a temporary vulnerability distribution output queue;
and determining the target output vulnerability mining distribution corresponding to the specified mining path based on the vulnerability mining distribution added in the temporary vulnerability distribution output queue and the vulnerability mining distribution stored in the transfer output storage area corresponding to the recorded vulnerability mining distribution.
9. An artificial intelligence mining system, comprising a processor and a machine-readable storage medium, wherein the machine-readable storage medium stores machine-executable instructions, and the machine-executable instructions are loaded and executed by the processor to implement the vulnerability repair method based on big data vulnerability mining of any one of claims 1-8.
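
The candidate selection recited in claims 5 and 6, followed by the priority rule of claim 2, sketched as an added Python example that is not code from the patent. The claims give no formula for combining reference-vector count with importance level, so the product scaled to the largest value is an assumption, as are the position names, thresholds and function names.

```python
from collections import Counter

# Constructed sample input: one entry per reference vector, labelled with the
# repair position it was associated with (claim 5, position association).
SAMPLE_VECTOR_POSITIONS = (
    ["auth-module"] * 6 + ["file-upload"] * 3 + ["session-store"] * 2
    + ["logging"] + ["report-export"]
)
# Constructed importance level per repair position (higher = more important).
SAMPLE_IMPORTANCE = {
    "auth-module": 3, "file-upload": 2, "session-store": 2,
    "logging": 1, "report-export": 1,
}


def strength_sequence(vector_positions, importance):
    """Claim 5: count reference vectors per repair position and combine the
    count with the position's importance level into a repair strength.

    Assumption: strength = count * importance, scaled so the maximum is 1.0.
    Returns [(position, strength), ...] sorted from strongest to weakest.
    """
    counts = Counter(vector_positions)
    if not counts:
        return []
    missing = set(counts) - set(importance)
    if missing:
        raise ValueError(f"no importance level for: {sorted(missing)}")
    if any(importance[pos] <= 0 for pos in counts):
        raise ValueError("importance levels must be positive")
    raw = {pos: n * importance[pos] for pos, n in counts.items()}
    peak = max(raw.values())
    # Ties are broken by position name so the ordering is deterministic.
    return sorted(((pos, val / peak) for pos, val in raw.items()),
                  key=lambda item: (-item[1], item[0]))


def select_top_bottom(sequence, n, m):
    """Claim 6, first alternative: the N strongest and M weakest positions."""
    if n < 0 or m < 0:
        raise ValueError("n and m must be non-negative")
    high = sequence[:n]
    rest = sequence[n:]  # a position is never reported as both high and low
    low = rest[max(len(rest) - m, 0):]
    return high, low


def select_by_range(sequence, low_max, high_min):
    """Claim 6, second alternative: positions inside the set low/high ranges."""
    if low_max >= high_min:
        raise ValueError("low and high ranges must not overlap")
    high = [(pos, s) for pos, s in sequence if s >= high_min]
    low = [(pos, s) for pos, s in sequence if s <= low_max]
    return high, low


def update_policy(strength, first_target, second_target):
    """Claim 2: map a repair node's strength onto an update behaviour.

    Assumption: the first range is everything up to first_target and the
    second range is everything from second_target upwards.
    """
    if strength <= first_target:
        return "lower-repair-priority"
    if strength >= second_target:
        # Claim 2 updates the software function project first, then raises
        # the repair priority for the node.
        return "update-project-then-raise-priority"
    return "unchanged"


def plan_updates(vector_positions, importance, n, m, first_target, second_target):
    """Chain the steps: strength sequence -> candidates -> policy per node."""
    high, low = select_top_bottom(strength_sequence(vector_positions, importance), n, m)
    return {pos: update_policy(s, first_target, second_target)
            for pos, s in high + low}


if __name__ == "__main__":
    plan = plan_updates(SAMPLE_VECTOR_POSITIONS, SAMPLE_IMPORTANCE,
                        n=2, m=1, first_target=0.1, second_target=0.3)
    for position, action in plan.items():
        print(f"{position}: {action}")
```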
CN202111015428.XA 2021-08-31 2021-08-31 Vulnerability repairing method based on big data vulnerability mining and artificial intelligence mining system Active CN113688401B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111015428.XA CN113688401B (en) 2021-08-31 2021-08-31 Vulnerability repairing method based on big data vulnerability mining and artificial intelligence mining system

Publications (2)

Publication Number Publication Date
CN113688401A CN113688401A (en) 2021-11-23
CN113688401B CN113688401B (en) 2022-06-17

Family

ID=78584525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111015428.XA Active CN113688401B (en) 2021-08-31 2021-08-31 Vulnerability repairing method based on big data vulnerability mining and artificial intelligence mining system

Country Status (1)

Country Link
CN (1) CN113688401B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115481407A (en) * 2022-05-23 2022-12-16 黄小勇 Vulnerability mining method and AI vulnerability mining system based on big data service page
CN114697143B (en) * 2022-06-02 2022-08-23 苏州英博特力信息科技有限公司 Information processing method based on fingerprint attendance system and fingerprint attendance service system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112422665A (en) * 2020-11-09 2021-02-26 国家电网有限公司 Generation method of attack path in ubiquitous power Internet of things scene
CN112749396A (en) * 2021-01-21 2021-05-04 恒安嘉新(北京)科技股份公司 Method, device, equipment and storage medium for constructing security vulnerability knowledge graph

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110113314B (en) * 2019-04-12 2021-05-14 中国人民解放军战略支援部队信息工程大学 Network security domain knowledge graph construction method and device for dynamic threat analysis
WO2020252529A1 (en) * 2019-06-19 2020-12-24 Swinburne University Of Technology System for automatically detecting software vulnerability
CN110378126B (en) * 2019-07-26 2021-03-26 北京中科微澜科技有限公司 Vulnerability detection method and system

Also Published As

Publication number Publication date
CN113688401A (en) 2021-11-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220411

Address after: 250000 1105b, No. 51, Wenhua East Road, Lixia District, Jinan City, Shandong Province

Applicant after: Shandong Hairong Communication Co.,Ltd.

Address before: 650000 No. 06, 21 / F, block B, Shantou building, Huancheng South Road, Xishan District, Kunming City, Yunnan Province

Applicant before: Yang Xin

TA01 Transfer of patent application right

Effective date of registration: 20220511

Address after: 650000 No. 06, 21 / F, block B, Shantou building, Huancheng South Road, Xishan District, Kunming City, Yunnan Province

Applicant after: Yang Xin

Address before: 250000 1105b, No. 51, Wenhua East Road, Lixia District, Jinan City, Shandong Province

Applicant before: Shandong Hairong Communication Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20220526

Address after: No. 625, Xinlian Road, Xixing street, Binjiang District, Hangzhou, Zhejiang 310000

Applicant after: ZHEJIANG HEREN TECHNOLOGY Co.,Ltd.

Address before: 650000 No. 06, 21 / F, block B, Shantou building, Huancheng South Road, Xishan District, Kunming City, Yunnan Province

Applicant before: Yang Xin

GR01 Patent grant